Cyber Security Today, Dec. 15, 2023 – A botnet expands, threats to unpatched TeamCity servers, and more


A botnet expands, threats to unpatched TeamCity servers, and more.

Welcome to Cyber Security Today. It’s Friday, December 15th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.


A botnet of compromised small and home office firewalls and routers continues to expand. Researchers at Lumen say those behind what they call the KV-botnet most recently added Netgear ProSafe firewalls and internet-connected video cameras made by Axis. Lumen suspects the botnet is growing so it can be used for phishing campaigns during the holiday season. The researchers aren’t sure how devices are being infected. But they believe it’s run by a threat group dubbed Volt Typhoon or Bronze Silhouette by other researchers. It’s a state-sponsored group based in China that has been infiltrating critical infrastructure providers in the U.S. Often this botnet takes over out-of-date devices that can’t receive security patches anymore, so they are ripe for the picking. The report is a warning to IT and network leaders — as well as homeowners — to get rid of internet-connected equipment that isn’t supported anymore. At the very least, make sure devices are regularly rebooted because that will flush some types of malware.

Unpatched servers hosting JetBrains’ TeamCity software are being exploited by Russian government hackers. That’s according to cyber authorities in the U.S., the U.K. and Poland. The Russian group, known as CozyBear, Nobelium or APT29 by security researchers, has been exploiting a vulnerability since September. Because TeamCity is used by software developers, a successful hacker gets access to source code and signing certificates that can be used to authenticate malware — everything needed for a supply chain attack. Companies using compromised and internet-available TeamCity servers have been found in the United States, Europe, Asia, and Australia. They include an energy trade association, internet hosting providers and more. Administrators of TeamCity who haven’t applied recent patches or workarounds should assume their servers have been compromised and take action.

Here’s another example of someone not configuring a database properly and leaving it open on the internet. It was discovered by security researcher Jeremiah Fowler and appears to belong to an American company that makes a cloud-based management suite for nonprofits. It has subscribing organizations around the world. Had someone found this particular database they would have been able to download over 460GB of data. Fowler saw a document from a hospital charity that named a child, their medical conditions and their doctor. This is another reminder that organizations have to make sure all employees handling the personal data of customers and employees know how to protect data from exposure. In addition, IT leaders have to constantly watch data stores created by employees for security breaches.

On a November podcast I told you that personal information of staff working at the Idaho National Laboratory, a federal nuclear energy research facility, had been stolen. The number of victims has now been released: It’s just over 45,000 current and former employees, their spouses and dependents. The notice to victims says the data was stolen from an off-site data centre and not the lab’s IT system.

Finally, users of the Discord voice, video and chat app can now use security key-based multifactor authentication to protect their accounts from being hacked. That means they can use Windows Hello, Apple Face ID, Touch ID or physical security keys for logging in to Discord.

That’s it for this podcast. However, later today the Week in Review edition will be available. Guest Terry Cutler of Cyology Labs will join me to discuss a report on the readiness of the U.K. to face malware, why applications with old versions of Log4j are still being compromised and more.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

The post Cyber Security Today, Dec. 15, 2023 – A botnet expands, threats to unpatched TeamCity servers, and more first appeared on IT World Canada.
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.
